Daniel Weiße
9765003298
cli: print ordered measurements list during constellation verify
( #2302 )
...
* Print measurements as ordered list during verify
* Fix missing safety check in AWS attestation validation
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-09-08 08:08:09 +02:00
Adrian Stobbe
0eb9ca2e18
move csp logic to cloudcmd ( #2311 )
2023-09-07 12:10:36 +02:00
Otto Bittner
6e5ba774d8
cli: disable nosmt via VMM temporarily.
...
AWS asked us to disable these options temporarily until they resolve
some internal issues that sometimes prevents these instances
from starting.
2023-09-05 08:23:18 +02:00
Daniel Weiße
311da4c082
cli: correctly trim white spaces for certificates in verify
( #2299 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-09-04 08:30:18 +02:00
Otto Bittner
75ce11af14
cli: disable smt via cpu_options ( #2291 )
...
Disabling SMT dynamically inside the image creates problems on AWS.
The problem should be fixed by disabling smt through the VMM.
By recommendation from AWS: add idle=poll.
This should improve our launch success rate while they investigate some
upstream issues.
2023-09-01 11:26:21 +02:00
Daniel Weiße
ce374243ef
cli: retry join-config operations ( #2290 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-29 11:40:44 +02:00
Adrian Stobbe
19893c565e
docs: document constellation-cluster.log file ( #2285 )
2023-08-25 12:50:12 +02:00
Adrian Stobbe
a03325466c
cli: helm install and upgrade unification ( #2244 )
2023-08-24 16:40:47 +02:00
Adrian Stobbe
9e79e2e0a1
cli: cleanup terraform files when create fails ( #2282 )
2023-08-24 16:38:02 +02:00
Daniel Weiße
47fc676927
cli: parse image and k8s versions as semver ( #2235 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-23 14:37:53 +02:00
Daniel Weiße
0a911806d1
cli: remove/refactor upgrade package ( #2266 )
...
* Move IAM migration client to cloudcmd package
* Move Terraform Cluster upgrade client to cloudcmd package
* Use hcl for creating Terraform IAM variables files
* Unify terraform upgrade code
* Rename some cloudcmd files for better clarity
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-23 10:35:42 +02:00
Daniel Weiße
053aa60e47
cli: remove helm management from join-config ( #2251 )
...
* Replace UpdateAttestationConfig with ApplyJoinConfig
* Dont set up join-config over Helm, it is now only managed by our CLI directly during init and upgrade
* Remove measurementSalt and attestationConfig parsing from helm, they were only needed for the JoinConfig
* Add migration step to remove join-config from Helm management
* Update attestation config trouble shooting tip
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-23 08:14:39 +02:00
Daniel Weiße
afa7fd0edb
cli: refactor kubernetes package ( #2232 )
...
* Clean up CLI kubernetes package
* Rename CLI kubernetes pkg to kubecmd
* Unify kubernetes clients
* Refactor attestation config upgrade
* Update CODEOWNERS file
* Remove outdated GetMeasurementSalt
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-21 16:15:32 +02:00
Daniel Weiße
3bf316e28f
cli: add spinner to helm chart installation ( #2270 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-21 15:12:23 +02:00
3u13r
bb654ba1ab
cli: fix incorrect actual values for constellation verify on AWS ( #2265 )
...
* cli: fix aws pcr index
2023-08-21 13:50:00 +02:00
Daniel Weiße
9477999be2
cli: clean up terraform package ( #2256 )
...
* Clean up Terraform pkg
* Add note to Terraform migration functions expecting to be run on initialized workspace
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-21 10:26:53 +02:00
renovate[bot]
ae7888a13f
deps: update Terraform azuread to v2.41.0 ( #2254 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-17 10:29:49 +02:00
Adrian Stobbe
ca47d26634
cli: fix upgrade by passing placeholder values for images ( #2250 )
...
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-08-17 07:16:09 +02:00
Thomas Tendyck
587ae6a575
deps: limit Terraform version to FOSS releases ( #2241 )
...
* deps: limit Terraform version to FOSS releases
* fix: enforce upper version constraint
---------
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-08-16 23:25:53 +02:00
Daniel Weiße
c2bb884a04
cli: fix incorrect file path for master secret during upgrades when using workspace flag ( #2249 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-16 15:38:40 +02:00
Adrian Stobbe
5574092bcf
ref: update code for 2.11 ( #2239 )
...
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-08-16 11:34:58 +02:00
Daniel Weiße
ed0bfd9d41
cli: move helm and terraform out of kubernetes package ( #2222 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-16 09:59:32 +02:00
Adrian Stobbe
0332a3645f
cli: update join-config manually during upgrade ( #2229 )
...
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-08-15 13:58:04 +02:00
3u13r
c597ffb1cf
upgrade: don't pass vm image ( #2211 )
2023-08-14 15:16:07 +02:00
Adrian Stobbe
58e9906811
only allow chart upgrades with greater version ( #2224 )
2023-08-14 15:08:25 +02:00
3u13r
8c321ec1ab
cli: add role to aws instance name ( #2130 )
2023-08-14 13:42:20 +02:00
Adrian Stobbe
1af13878a0
fix configmap backup during upgrade ( #2219 )
2023-08-14 09:16:46 +02:00
Adrian Stobbe
4788467bca
cli: upgrade uses same helm releases as init ( #2177 )
2023-08-11 15:18:59 +02:00
Daniel Weiße
0e73e625d1
cli: don't refer to a message below, as it was printed above ( #2216 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-11 14:35:25 +02:00
Daniel Weiße
dcd1c8bd1e
Fix CSI chart version not being compared to CLI version
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-11 12:20:21 +02:00
Daniel Weiße
589ac8c400
cli: correctly print absolute path for kubeconfig ( #2207 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-11 10:40:27 +02:00
Daniel Weiße
e30179a8aa
Remove manual state migration steps for AWS
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-10 15:46:59 +02:00
Malte Poll
9aa14f58eb
bazel: remove stale build rules ( #2202 )
2023-08-10 11:16:06 +02:00
Daniel Weiße
89b342900f
Move workspace path functions to sub-package of cmd
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-09 15:42:24 +02:00
Daniel Weiße
99c579b45a
Add package design goals to CLI package documentation
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-09 15:42:24 +02:00
Daniel Weiße
946942ba68
Add package updating/creation tips to dev-docs
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-09 15:42:24 +02:00
Daniel Weiße
21c80e7bf3
Remove iamid package
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-09 15:42:24 +02:00
Daniel Weiße
23394ea2e2
cli: fix missing safety check in ShowIAM ( #2165 )
...
* Add missing safety check to ShowIAM
* someErr->assert.AnError
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-09 15:25:59 +02:00
Daniel Weiße
c9cae643e2
internal: fix unmarshalling attestation version numbers from JSON ( #2187 )
...
* Fix unmarshalling attestation version numbers from JSON
* Add unit test for UnmarshalJSON
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-09 15:11:14 +02:00
Adrian Stobbe
656cdbb4bb
remove unused CloudServiceAccountUri from init request ( #2182 )
2023-08-09 14:16:45 +02:00
Adrian Stobbe
70861ee8ad
cli: declare mastersecret as immutable and print attestationCfg diff in warning ( #2167 )
2023-08-08 13:03:23 +02:00
Paul Meyer
e97b2afc14
cli: print maa token in verify
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-08 11:50:26 +02:00
Daniel Weiße
8dbe79500f
cli: fix incorrect usage of masterSecret salt for clusterID generation ( #2169 )
...
* Fix incorrect use of masterSecret salt for clusterID generation
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-08-07 15:24:46 +02:00
Malte Poll
15bb9588d7
cli: update config migration to migrate v3 -> v4 ( #2166 )
2023-08-04 15:57:36 +02:00
Daniel Weiße
d1ace13713
cli: add --workspace
flag to set base directory for Constellation workspace ( #2148 )
...
* Remove `--config` and `--master-secret` falgs
* Add `--workspace` flag
* In CLI, only work on files with paths created from `cli/internal/cmd`
* Properly print values for GCP on IAM create when not directly updating the config
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-04 13:53:51 +02:00
renovate[bot]
ec33530c38
deps: update gcr.io/kubebuilder/kube-rbac-proxy Docker tag to v0.14.1 ( #2063 )
...
* deps: update gcr.io/kubebuilder/kube-rbac-proxy Docker tag to v0.14.1
* deps: use gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-08-04 13:49:38 +02:00
Malte Poll
7bfcb0bd5d
cli: remove old config migration from v2 to v3
2023-08-04 12:36:45 +02:00
Malte Poll
56089a4c70
cli: update init_test to use nodeGroups
2023-08-04 12:36:45 +02:00
Malte Poll
7dfac1f758
cli: use nodeGroups when setting default disk size for QEMU
2023-08-04 12:36:45 +02:00
Malte Poll
0c20ccb477
terraform: create nodeGroups in tfvars from nodeGroups in config
2023-08-04 12:36:45 +02:00